Man in the middle
Posted: Tue Dec 29, 2009 9:56 pm
Greetings, web programmers,
Please forgive my ignorance, but I really don't understand man-in-the-middle attacks at all, except that there are many packet sniffers readily available. I would greatly appreciate it if some of you would do more than just clue me in and actually spell it out for me very simply and clearly: how does a man-in-the-middle attack work, and how exactly is it prevented?
1. How does he get the packets? Thousands checked for IP address, or what?
2. What does he do with the packets? Copy them and insert his own from-address, or modify the original to be from him, or are both possible, or something else?
3. What about return packets? The incoming sniffed packets could yield a login for use in the future, but that won't be needed for the current session if the MITM can get all of the output being sent to the logged-in user? If the whole web page being sent back were encrypted, how does the user decipher it without a server, as in PHP and JavaScript on the user's machine?
4. I read that SSL and certificates are there to identify and prevent a fake web page from getting the real logins; what prevents the certificates from being copied? If SSL is just encryption that is decrypted by the server, what prevents the MITM from getting authenticated by sending the same encrypted packets? I read that the server is expecting a certain number of bytes, such as what a password would have; can the same be done without SSL? How does the server know the number of bytes to expect, since it does not know the user's IP address?
5. If I use a cookie to verify my user's session, what prevents a MITM sniffer from obtaining the cookie?
6. As if looking at my user's data coming and going weren't bad enough, how do I keep the MITM from altering packets or stealing logins or sessions with the purpose of changing my user's data on the server?